Third generation cryptocurrency project Nanorecently revealed that a hardware wallet called Jolt will be introduced shortly, which will support Nano [NANO] and other cryptocurrencies. In an interview posted on Nano’s Medium blog, Jolt developer Brian Pugh talked about the project and what it has is in store for users.
Pugh said that the team behind Jolt began surveying the “landscape of hardware wallets and kept seeing the same limiting factor”. The team found that current operations are relatively expensive and inconvenient since they use weaker hardware. On the contrary, Jolt - an open source project - has been developed with an aim to address all the aforementioned shortcomings and offer an alternative option.
“We want users to have access to strong security no matter how much cryptocurrency they own. Jolt has an order of magnitude more ram, CPU, and storage when compared to hardware wallets such as the Ledger Nano S. With built-in WiFi, Bluetooth, and battery, Jolt can instantly send funds to pre-configured contacts, such as exchanges or mobile wallets, without a computer or phone, within seconds of being unlocked, allowing secure transactions on the go,” Pugh added.
Over the past few months, the team has fabricated custom hardware, developed an app-based coin system and overhauled the GUI framework.
During the process of developing Jolt, the developers made sure “any hobbyist has the ability to create their own hardware wallet using easily sourced, inexpensive components”. Jolt will enable users to upload approved, digitally signed applications over USB or Bluetooth.
Detailing the nitty-gritty of Jolt, Pugh said,“Typically, in most microcontroller projects, such as Trezor, the firmware is compiled into a monolithic blob and flashed to the device; adding additional code requires recompiling the whole firmware. While developing this way is much easier, our team believes that it doesn’t scale effectively as the number of coins increases. At least 1 megabyte of storage is allocated for applications, which should handle at least 30 Apps; the current Nano application is only 20 kilobytes.”
Taking further step from the ESP32 microcontroller (which has a hardware AES encryption engine that encrypts all flash storage with a key that cannot be read back in any software), the developers have added a feature in the application that helps Jolt easily communicate with a secure EEPROM chip, the ATAES132A.
The EEPROM chip records all attempts made towards authorization and provides an extra high quality entropy source. The user’s mnemonic will be spanned across three locations: ESP32 encrypted flash, ATAES132A secure EEPROM and Stretched User PIN.
Reconstruction of user’s secret mnemonic requires all three sources and every failed pin attempt is recorded in a “in a monotonically increasing counter in the secure EEPROM chip.”
“The user’s PIN is stretched (slowed down derivation) via slow encryption commands on the ATAES132A; being hardware bound means that a hacker wouldn’t be able to brute force a PIN, even in the event of a complete compromise of the ESP32 chip. This novel method of mnemonic storage that is vastly more secure under physical attacks than our competitors who store the raw PIN in flash,” Pugh further explained.
Pugh finds wireless as “a scary word when it comes to security”. The security model induced in Jolt assumes all communication external to the device as public information, thus likely to be compromised. Taking it to another level, Jolt has added a screen that independently displays information about transaction for confirmation.
“Side channel attacks, such as Screaming Channels, are taken very seriously. Jolt disables all radios during cryptographic operations.
Jot sounded like a great fit for the Nano ecosystem when he talked about the possible launch date, “We are aiming for an initial production release in early 2019. However, we don’t want to rush to production before we are happy with the code-base security and documentation for third-party app developers.”
Last modifiedMonday, 12 November 2018